What I HATE about F11

Krzysztof Halasa khc at pm.waw.pl
Sun Jun 14 22:08:44 UTC 2009


Leszek Matok <Lam at Lam.pl> writes:

>> a false feeling that the "non-privileged" account doesn't need the same
>> level of protection as the root account needs. 
> The feeling isn't false - overtaking a root-run program is potentially more
> harmful to the system, other users and everyone in sight (root can harm the
> network, for example). Hence the root account does need more protection.

... unless the non-privileged account is used to gain root access like
in this case. Then both accounts are security-wise equivalent and thus
need the same level of protection.

Though I've met many sysadmins who don't realize this. Actually I think
most don't and some think sudo is a magic bullet.

The same can be said about accessing from untrusted locations ("I will
change password", "nobody sniffs the second su password") and other
potentially harmful behaviour ("I have RAID as backup" etc).
-- 
Krzysztof Halasa



